<!DOCTYPE html>
<html>
<head>
  <title>Logging In - CSRF Tokens - Login</title>
  <style type="text/css">
    body {
      padding: 0 10px;
    }

    #form-wrapper {
      padding: 10px 20px;
      background-color: #eee;
    }

    ul {
      list-style-type: none;
    }

    li {
      margin: 10px 0;
    }

    .error {
      color: red;
      font-weight: bold;
    }
  </style>
</head>
<body>
  <h2>login.html</h2>
  <p>
    This example has a regular HTML form that POSTs username, password and csrf token to the node server.
  </p>
  <p>
    In this recipe we are going to show how to bypass and manage CSRF tokens.
  </p>
  <div id="form-wrapper">
    <form method="POST" action="/login">
      <ul>
        <li>
          <label>
            Username:
            <input name="username" />
          </label>
        </li>
        <li>
          <label>
            Password:
            <input name="password" />
          </label>
        </li>
        <li>
          <button type="submit">Submit</button>
        </li>
      </ul>
      <input type="hidden" name="_csrf" value={{csrfToken}} />
    </form>
    {{#if error}}
      <p class="error">{{error}}</p>
    {{/if}}
  </div>
</body>
</html>
